Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 438
Alerts This Week
Warning Icon 1 438

Debian DSA-3945-1 High: kernel privilege escalation and service threats

debian
Calendar Grey August 17, 2017
Debian Logo
Debian DSA-3946-1 details several critical weaknesses within the kernel jeopardizing system integrity. Prompt updates are strongly advised.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks

Summary

CVE-2014-9940

A use-after-free flaw in the voltage and current regulator driver
could allow a local user to cause a denial of service or potentially
escalate privileges.

CVE-2017-7346

Li Qiang discovered that the DRM driver for VMware virtual GPUs does
not properly check user-controlled values in the
vmw_surface_define_ioctl() functions for upper limits. A local user
can take advantage of this flaw to cause a denial of service.

CVE-2017-7482

Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does
not properly verify metadata, leading to information disclosure,
denial of service or potentially execution of arbitrary code.

CVE-2017-7533

Fan Wu and Shixiong Zhao discovered a race condition between inotify
events and VFS rename operations allowing an unprivileged local
attacker to cause a denial of service or escalate privileges.

CVE-2017-7541

A buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN
driver could allow a loc...

Read the Full Advisory

Package: linux
CVE ID: CVE-2014-9940 CVE-2017-7346 CVE-2017-7482 CVE-2017-7533

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.